We've produced a
guide that describes how to patch your installation and
we've also produced an Umbraco package that will try to
patch your installation automatically and if it can't
it'll guide you how. You can find the package in the package
repository under Developer tools and it's called "ASP.NET Security
Vulnerability Patch":

When you run the package, it'll show you a status on whether or
not your website is vulnerable. If it is there's a big "Fix this
problem" button to press:

We're seeding this information via the update checker, our
mailing list and our twitter accounts but please help us spread the
word. This speechbubble (yes, we'll need to work on the css on long
messages!) will be shown to all administrators that log in to
Umbraco over the next 14 days. It'll show even if you've patched
your installation - unfortunately we don't have any way to prevent
this as the patch isn't related to the Umbraco core:

The Panic Fund

We were able to make, test and distribute this patch because of
our Panic Fund. In the HQ we have an account which makes it
possible to book all HQ staff on core development for a week. We
can use this fund in cases of emergencies like the this one.
Despite the frustrating circumstances, it's just yet another
example of why I'm proud of how we've managed to build the Umbraco
HQ and why it makes the whole project sustainable.